CN103716167B - Method and device for safely collecting and distributing transmission keys - Google Patents

Info

Publication number: CN103716167B
Authority: CN (China)
Prior art keywords: tk, sn, module, system, key
Application number: CN201310742661.7A
Other languages: Chinese (zh)
Other versions: CN103716167A (en)
Inventors: 林建群, 陈瑞兵, 束方林
Original assignee: 福建联迪商用设备有限公司
Prosecution history (dates not given on the page):
- Priority claimed from CN201310084397.2 (CN103237004A), CN201310084653.8 (CN103237005A), CN201310084673.5 (CN103220271A) and CN201310084671.6 (CN103220270A)
- Application CN201310742661.7A filed by 福建联迪商用设备有限公司
- Publication of CN103716167A
- Application granted
- Publication of CN103716167B

Classifications

    • G06Q20/20 Point-of-sale [POS] network systems (under G06Q20/00 Payment architectures, schemes or protocols; G06Q20/08 Payment architectures)
    • G06Q20/3829 Payment protocols insuring higher security of transaction, involving key management (under G06Q20/38, G06Q20/382)
    • H04L9/321 Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user or for message authentication, involving a third party or a trusted authority (under H04L9/32)
    • H04L63/061 Network security protocols supporting key management in a packet data network, for key exchange, e.g. in peer-to-peer networks (under H04L63/00, H04L63/06)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates (under H04L9/08, H04L9/0816, H04L9/0819)
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP] (under H04L9/08, H04L9/0816, H04L9/0819)

Abstract

The invention relates to the field of electronic payment terminals and discloses a method and device for securely collecting and distributing transmission keys. The method comprises a generation (collection) step and a distribution step. The generation step mainly comprises the sub-steps of authenticating an operator card, loading a complete-machine serial number and a work certificate, and activating the POS terminal. The distribution step mainly comprises the sub-steps of having an encryption machine re-encrypt and sign the SN-TK packets held in the MTMS system and then distributing the SN-TK packets to the KMS system. The advantages are that a transmission key (TK) is generated at random when each POS terminal is produced, which guarantees that the TK collected from each POS terminal is unique; during TK collection the operator is subjected to strict permission verification, which guarantees security; and during distribution, strict validity verification together with secondary re-encryption and signing guarantee the accuracy of the TK data collected during production.

Description

Method and device for securely collecting and distributing transmission keys

Technical field

The present invention relates to the field of electronic payment, and in particular to a method and device for securely collecting and distributing transmission keys.

Background art

Bank cards are an increasingly common means of payment. A typical bank card payment system comprises a point-of-sale terminal (POS), a POS acquiring system (POSP), a PIN pad (PINPAD) and a hardware security module (HSM). The POS terminal accepts bank card information, has communication capability, and accepts the teller's instructions to complete the exchange of financial transaction information; the POS acquiring system manages POS terminals centrally, including parameter download and key download, accepts, processes or forwards transaction requests from POS terminals and returns transaction results to them, and is the system for centralized management and transaction processing; the PIN pad (PINPAD) is a security device that stores and protects the keys used in financial transactions and encrypts PINs; the hardware security module (HSM) is a peripheral device that encrypts transmitted data and is used for PIN decryption, for verifying the correctness of messages and document sources, and for storing keys. The personal identification number (PIN) is the data that establishes the legitimacy of the cardholder's identity in online transactions; it must not appear in plaintext at any point in the computer or network system. The terminal master key (TMK) is the master key that encrypts the working keys while the POS terminal operates, and is stored encrypted in the system database. POS terminals are widely used wherever bank cards are accepted, such as shopping malls and hotels; they are an indispensable modern means of payment and are found in every setting of daily life. Bank cards, particularly debit cards, generally have a PIN set by the cardholder; during payment, besides sending the card's track data, the POS terminal requires the cardholder to enter the PIN so that the issuing bank can verify the cardholder's identity, ensuring the security of bank card payment and protecting the cardholder's property. To prevent the PIN from being leaked or cracked, it must be protected by encryption throughout the entire information exchange from the terminal to the issuing bank, so that the PIN never appears in plaintext at any point in the computer network system; a POS terminal that accepts PIN entry is therefore required to be equipped with a key management system.

The key hierarchy of a POS terminal has two levels: the terminal master key (TMK) and the working key (WK). The TMK encrypts and protects the WK. Each POS terminal has a unique TMK, which must be protected so that it can only be written into the device and used in computation, never read out. The TMK is the most critical root key: if it is intercepted, the working keys become far easier to crack, seriously threatening the security of bank card payment. Securely downloading the TMK to the POS terminal is therefore the key to the security of the whole terminal. Existing TMK download schemes are as follows:

1. Key-mother POS scheme: the user injects the same transport encryption key into the hardware security module of the POS acquiring system and into a key-mother POS. The POS terminal sends a terminal master key download request to the POS acquiring system through the key-mother POS; the acquiring system drives the HSM to generate a terminal master key at random, encrypts it with the transport encryption key and transmits it to the key-mother POS, which decrypts it with the transport encryption key and forwards it to the POS terminal; the POS terminal thus obtains the terminal master key in plaintext and stores it in its PIN pad, synchronizing the terminal master key between the POS terminal and the POS acquiring system.

2. IC card decryption scheme: the user injects the same transport encryption key into the HSM of the POS acquiring system and into an IC card. The user inserts the IC card into the POS terminal, the POS terminal sends a terminal master key download request to the acquiring system, the acquiring system drives the HSM to generate a terminal master key at random, encrypts it with the transport encryption key and transmits it to the POS terminal, and the transport encryption key in the IC card decrypts the terminal master key ciphertext inside the POS terminal; the terminal master key is thus obtained in plaintext and stored in the PIN pad, synchronizing the terminal master key between the POS terminal and the POS acquiring system.

Both schemes share the following drawback: the terminal master key appears in plaintext outside the security equipment. To guard against the risk of key exposure, terminal master key download must be controlled and carried out in the secure machine room of the management centre, with the terminal master keys downloaded manually and centrally. This brings a number of problems: the maintenance workload of the centre's machine room is large; after leaving the factory, equipment must first be transported to the management centre's secure machine room to download keys before it can be deployed to merchants, which raises transport costs; and centralized key download requires a large number of staff and working hours, making maintenance costly and slow.

Summary of the invention

To solve the above technical problem, the technical solution adopted by the present invention is to provide a method for securely collecting transmission keys, comprising the steps:

S101: After the operation terminal receives the "enter operator password" prompt sent by the MTMS system, it reads the inserted operator card and the entered operator password, and sends the operator card information to the MTMS system for verification of the operator card's legitimacy;

S102: The MTMS system judges whether the received operator card information is legitimate; if so, step S103 is performed, if not, return to step S101;

S103: The MTMS system sends a complete-machine serial number (SN) download instruction to the POS terminal and judges whether the serial number SN was downloaded successfully; if so, proceed to step S104, if not, return to step S101;

S104: The MTMS system judges whether the operator card has been removed; if so, return to step S101; if not, the MTMS system is controlled to download the work certificate to the POS terminal;

S105: The POS terminal verifies whether the downloaded work certificate is legitimate; if so, it extracts the public key from the work certificate;

S106: The POS terminal randomly generates a transmission key TK;

S107: The POS terminal encrypts the transmission key TK with the public key to generate the TK ciphertext, and transmits the TK ciphertext together with the serial number SN to the MTMS system;

S108: The MTMS system packs the TK ciphertext and the serial number SN into an SN-TK packet, and signs the SN-TK packet using the operator card;

S109: The MTMS system sends an SN-TK generation success status message corresponding to the SN-TK packet to the POS terminal;

S110: The POS terminal judges whether it has received the SN-TK generation success status message; if so, step S111 is performed, if not, return to step S109;

S111: The POS terminal switches from the production state to the in-use state to complete activation, and generates a final inspection success flag which it sends to the MTMS system;

S112: After receiving the final inspection success flag, the MTMS system saves the SN-TK packet of this POS terminal.

Another technical solution adopted by the present invention is to provide a method for securely distributing transmission keys, comprising the steps:

S201: The MTMS system obtains the SN-TK packet corresponding to the serial number SN of the POS terminal that requires remote key download;

S202: The MTMS system verifies the legitimacy of the SN-TK packets one by one;

S203: According to the customer information corresponding to the SN-TK packet, the MTMS system obtains the corresponding key index numbers from the customer KMS system configuration table and sends them to the encryption machine to obtain the required key information. The required keys comprise the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to compute a MAC value over the PK-encrypted transmission key TK;

S204: The MTMS system obtains the corresponding Pr key information from the encryption machine according to the Pr index number corresponding to the SN-TK, and decrypts the SN-TK packet with Pr to obtain TK;

S205: The MTMS system obtains the corresponding customer PK index number according to the customer information corresponding to the SN-TK, obtains the corresponding PK key information from the encryption machine according to the PK index number, packs TK, SN and the other data in the SN-TK packet, and encrypts them with PK to generate a new SN-TK packet;

S206: The MTMS system obtains the corresponding customer MAK index number according to the customer information corresponding to the SN-TK, obtains the corresponding MAK key information from the encryption machine according to the MAK index number, and signs the new SN-TK packet with MAK;

S207: The MTMS system saves the signed new SN-TK packet to the server;

S208: When the transmission key TK is to be distributed, the MTMS system sends the signed new SN-TK packet to the KMS system;

S209: The KMS system performs MAK verification on the received signed new SN-TK and, after the verification passes, establishes a mapping table of the new SN-TK in the KMS system.
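The collection steps S105-S108 and the distribution steps S204-S209 above, worked through end to end as an added example in Go (not code from the patent or its assignee). It assumes RSA-OAEP for the work-certificate public-key encryption, AES-GCM for the symmetric protection under PK, HMAC-SHA256 for the MAK signature, and that PK and MAK are customer-specific keys shared between the MTMS encryption machine and the customer's KMS; the permission checks of S101-S104 and the operator-card signature of S108 are omitted, and using SN as the OAEP label (so a TK ciphertext cannot be re-associated with another serial number) is this example's own choice, not something the patent specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SNTKPacket: SN plus the TK ciphertext the terminal made under the work-certificate public key (S107/S108).
type SNTKPacket struct {
	SN       string
	TKCipher []byte
}

// DistPacket: the "new SN-TK packet" of S205/S206: TK under the client's PK (AES-GCM, SN as AAD) plus a MAC under MAK.
type DistPacket struct {
	SN                   string
	Nonce, TKCipher, MAC []byte
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: generating keys here would be unsafe
	}
	return b
}

// newGCM wraps a 16-byte AES key; neither call can fail for a key of that size.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// macOf is the MAK signature of S206 over everything the KMS will act on.
func macOf(mak []byte, d DistPacket) []byte {
	m := hmac.New(sha256.New, mak)
	m.Write(append(append([]byte(d.SN), d.Nonce...), d.TKCipher...))
	return m.Sum(nil)
}

// terminalGenerateTK is S106/S107: a fresh random TK encrypted with the public key from the
// work certificate (S105); SN as OAEP label is this example's choice (assumption). The plaintext
// TK stays in the terminal and is returned here only so the round trip can be checked.
func terminalGenerateTK(sn string, certPub *rsa.PublicKey) ([]byte, SNTKPacket, error) {
	tk := randBytes(16)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, certPub, tk, []byte(sn))
	return tk, SNTKPacket{SN: sn, TKCipher: ct}, err
}

// mtmsDistribute is S204-S206 for one packet: decrypt TK with the private key
// Pr held by the encryption machine, re-encrypt under PK, then MAC under MAK.
func mtmsDistribute(p SNTKPacket, pr *rsa.PrivateKey, pk, mak []byte) (DistPacket, error) {
	tk, err := rsa.DecryptOAEP(sha256.New(), nil, pr, p.TKCipher, []byte(p.SN))
	if err != nil {
		return DistPacket{}, fmt.Errorf("S204: %w", err)
	}
	d := DistPacket{SN: p.SN, Nonce: randBytes(12)} // 12 bytes is GCM's standard nonce size
	d.TKCipher = newGCM(pk).Seal(nil, d.Nonce, tk, []byte(p.SN))
	d.MAC = macOf(mak, d)
	return d, nil
}

// kmsImport is S209: verify the MAK signature before touching the ciphertext,
// then recover TK under PK and record the SN -> TK mapping.
func kmsImport(d DistPacket, pk, mak []byte, table map[string][]byte) error {
	if !hmac.Equal(d.MAC, macOf(mak, d)) {
		return fmt.Errorf("S209: MAK verification failed for %s, packet rejected", d.SN)
	}
	tk, err := newGCM(pk).Open(nil, d.Nonce, d.TKCipher, []byte(d.SN))
	if err != nil {
		return fmt.Errorf("S209: TK decryption failed: %w", err)
	}
	table[d.SN] = tk
	return nil
}

func main() {
	pr, err := rsa.GenerateKey(rand.Reader, 2048) // Pr; its public half sits in the work certificate
	if err != nil {
		panic(err)
	}
	pk, mak := randBytes(16), randBytes(32) // client keys shared by the encryption machine and the KMS
	tk, packet, err := terminalGenerateTK("SN-CONSTRUCTED-0001", &pr.PublicKey) // constructed SN
	if err != nil {
		panic(err)
	}
	d, err := mtmsDistribute(packet, pr, pk, mak)
	if err != nil {
		panic(err)
	}
	table := map[string][]byte{}
	err = kmsImport(d, pk, mak, table)
	fmt.Println("import:", err, "TK matches:", string(table[packet.SN]) == string(tk))
}
```

A packet whose SN is altered in transit, or that is presented to a KMS holding a different MAK, fails the S209 check before any decryption is attempted.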

Another technical solution adopted by the present invention is to provide a device for securely collecting transmission keys, comprising an operation terminal, an MTMS system and a POS terminal. The MTMS system comprises a first judging module, an SN download control module, a second judging module, a packing module, a first sending module and an SN-TK packet saving module; the POS terminal comprises a first verification module, a TK generation module, a first encryption module, a third judging module and an activation module;

The operation terminal is configured, after receiving the "enter operator password" prompt sent by the MTMS system, to read the inserted operator card and the entered operator password, and to send the operator card information to the MTMS system for verification of the operator card's legitimacy;

The first judging module is configured to judge whether the operator card information received by the MTMS system is legitimate; if so, it notifies the SN download control module to perform its operation, if not, it notifies the operation terminal to perform its operation;

The SN download control module is configured to send a complete-machine serial number (SN) download instruction to the POS terminal and to judge whether the serial number SN was downloaded successfully; if so, it notifies the second judging module to perform its judgement, if not, it notifies the operation terminal to perform its operation;

The second judging module is configured to judge whether the operator card has been removed; if so, it notifies the operation terminal to perform its operation, if not, it controls the MTMS system to download the work certificate to the POS terminal;

The first verification module is configured to verify whether the downloaded work certificate is legitimate and, if so, to extract the public key from the work certificate;

The TK generation module is configured to randomly generate the transmission key TK;

The first encryption module is configured to encrypt the transmission key TK with the public key to generate the TK ciphertext, and to transmit the TK ciphertext and the serial number SN to the MTMS system;

The packing module is configured to pack the received TK ciphertext and serial number SN into an SN-TK packet, and to sign the SN-TK packet using the operator card;

The first sending module is configured to send an SN-TK generation success status message corresponding to the SN-TK packet to the POS terminal;

The third judging module is configured to judge whether the POS terminal has received the SN-TK generation success status message; if so, it notifies the activation module to perform its operation, if not, it notifies the first sending module to perform its operation;

The activation module is configured to switch the POS terminal from the production state to the in-use state to complete activation of the POS terminal, and to generate a final inspection success flag and send it to the MTMS system;

The SN-TK packet saving module is configured, after the final inspection success flag is received, to save the SN-TK packet of this POS terminal.

Another technical solution adopted by the present invention is to provide a device for securely distributing transmission keys, comprising an MTMS system, an encryption machine and a KMS system. The MTMS system comprises a receiving module, a second verification module, a third sending module, a decryption module, a second encryption module, a signing module, a fourth sending module and a TK distribution module;

The receiving module is configured to obtain the SN-TK packet corresponding to the serial number SN of the POS terminal that requires remote key download;

The second verification module is configured to verify the legitimacy of the SN-TK packets one by one;

The third sending module is configured, according to the customer information corresponding to the SN-TK packet, to obtain the corresponding key index numbers from the customer KMS system configuration table and to send them to the encryption machine to obtain the required key information. The required keys comprise the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to compute a MAC value over the PK-encrypted transmission key TK;

The decryption module is configured to obtain the corresponding Pr key information from the encryption machine according to the Pr index number corresponding to the SN-TK, and to decrypt the SN-TK packet with Pr to obtain TK;

The second encryption module is configured to obtain the corresponding customer PK index number according to the customer information corresponding to the SN-TK, to obtain the corresponding PK key information from the encryption machine according to the PK index number, and to pack TK, SN and the other data in the SN-TK packet and encrypt them with PK to generate a new SN-TK packet;

The signing module is configured to obtain the corresponding customer MAK index number according to the customer information corresponding to the SN-TK, to obtain the corresponding MAK key information from the encryption machine according to the MAK index number, and to sign the new SN-TK packet with MAK;

The fourth sending module is configured to save the signed new SN-TK packet to the server;

The TK distribution module is configured, when the transmission key TK is to be distributed, to send the signed new SN-TK packet to the KMS system;

The KMS system is configured to perform MAK verification on the received signed new SN-TK and, after the verification passes, to establish a mapping table of the new SN-TK.

The beneficial effects of the invention are as follows: when each POS terminal is produced, its transmission key TK is generated at random, guaranteeing that the TK collected from each POS terminal is unique; during TK collection the operator is subjected to strict permission verification, preventing unauthorized operation of the POS terminal by others as far as possible and guaranteeing its security; in addition, all TK data produced are subjected to legitimacy verification before being distributed to the customer's KMS system, together with secondary re-encryption and signing, guaranteeing the accuracy of the TK data collected during production.

Description of the drawings

Fig. 1 is a structural block diagram of a device for securely collecting transmission keys in an embodiment of the present invention;

Fig. 2 is a flow chart of a method for securely collecting transmission keys in an embodiment of the present invention;

Fig. 3 is a structural block diagram of a device for securely distributing transmission keys in an embodiment of the present invention;

Fig. 4 is a flow chart of a method for securely distributing transmission keys in an embodiment of the present invention.

Description of reference numerals:

100, operation terminal;

200, MTMS system; 210, first judging module; 220, SN download control module; 230, second judging module; 240, packing module; 250, first sending module; 260, SN-TK packet saving module; 270, receiving module; 280, second verification module; 290, third sending module; 2100, decryption module; 2110, second encryption module; 2120, signing module; 2130, fourth sending module; 2140, TK distribution module;

300, POS terminal; 310, first verification module; 320, TK generation module; 330, first encryption module; 340, third judging module; 350, activation module;

400, encryption machine; 500, KMS system.

Detailed description of the invention

In order to explain in detail the technical content, structural features, objects achieved and effects of the present invention, a detailed description is given below in conjunction with embodiments and the accompanying drawings.

To solve the problems present in the background art, the present invention adopts a new master key download scheme: the POS terminal randomly generates a TK (Transmission Key); the generated TK is stored in the PIN pad of the POS terminal and is transferred, by whatever transmission means the application scenario requires, to the KMS system (Key Management System, the system used to manage terminal master keys TMK).

When the POS terminal applies to download the terminal master key TMK, the KMS system encrypts the TMK with TK and sends the resulting terminal master key ciphertext to the POS terminal; upon receipt, the POS terminal decrypts the master key ciphertext with TK, obtains the terminal master key TMK, and stores the TMK in the PIN pad.

In this way, encrypting the terminal master key TMK with TK allows the TMK to be transmitted remotely, making secure download of the TMK convenient.

In some scenarios an operation terminal is used to collect the TK generated by the POS terminal, and the operation terminal is responsible for transferring the TK to the MTMS system (Material Tracking Management System, used mainly in factory production); the MTMS system manages the TKs centrally and sends each TK to the corresponding KMS system. During this transfer, a CA centre (Certificate Authority: an authoritative and impartial third-party trust body that provides public key infrastructure (PKI) technology, specializes in network identity authentication services, and is responsible for issuing and managing digital certificates) authenticates the identities of the operation terminal, the MTMS system and the KMS system. Using an operation terminal to collect TK makes both the collection operation (for instance one-key collection) and the rights management of TK collection convenient; using an MTMS system makes unified management of TK convenient, eases lookup and download of POS terminal data during later after-sales service, allows TK to be transferred in bulk per production order, and makes transfer management of TK convenient, preventing TK from being sent to the wrong recipient; introducing a CA centre prevents a counterfeit terminal or a counterfeit KMS system from stealing TK.

The application scenario of the present invention is that the POS terminal generates TK, the operation terminal collects TK and transfers it to a third party (the MTMS system), the third party processes it (re-encryption) and sends it to the KMS system, and after receiving a download request from the POS terminal the KMS system encrypts TMK with TK and sends it to the POS terminal.

The technical solution by which the present invention overcomes the above problems is now described in detail.

Referring to Fig. 1, Fig. 1 is a structural block diagram of a device for securely collecting transmission keys in an embodiment of the present invention, comprising an operation terminal 100, an MTMS system 200 and a POS terminal 300.

The MTMS system 200 comprises a first judging module 210, an SN download control module 220, a second judging module 230, a packing module 240, a first sending module 250 and an SN-TK packet saving module 260.

The POS terminal 300 comprises a first verification module 310, a TK generation module 320, a first encryption module 330, a third judging module 340 and an activation module 350.

The operation terminal 100 is configured, after receiving the "enter operator password" prompt sent by the MTMS system 200, to read the inserted operator card and the entered operator password, and to send the operator card information to the MTMS system 200 for verification of the operator card's legitimacy.

The first judging module 210 is configured to judge whether the operator card information received by the MTMS system 200 is legitimate; if so, it notifies the SN download control module 220 to perform its operation, if not, it notifies the operation terminal 100 to perform its operation.

The SN download control module 220 is configured to send a complete-machine serial number (SN) download instruction to the POS terminal and to judge whether the serial number SN was downloaded successfully; if so, it notifies the second judging module to perform its judgement, if not, it notifies the operation terminal 100 to perform its operation.

The second judging module 230 is configured to judge whether the operator card has been removed; if so, it notifies the operation terminal 100 to perform its operation, if not, it controls the MTMS system 200 to download the work certificate to the POS terminal 300.

The first verification module 310 is configured to verify whether the downloaded work certificate is legitimate and, if so, to extract the public key from the work certificate.

The TK generation module 320 is configured to randomly generate the transmission key TK.

The first encryption module 330 is configured to encrypt the transmission key TK with the public key to generate the TK ciphertext, and to transmit the TK ciphertext and the serial number SN to the MTMS system 200.

The packing module 240 is configured to pack the received TK ciphertext and serial number SN into an SN-TK packet, and to sign the SN-TK packet using the operator card.

The first sending module 250 is configured to send an SN-TK generation success status message corresponding to the SN-TK packet to the POS terminal 300.

The third judging module 340 is configured to judge whether the POS terminal has received the SN-TK generation success status message; if so, it notifies the activation module 350 to perform its operation, if not, it notifies the first sending module 250 to perform its operation.

The activation module 350 is configured to switch the POS terminal 300 from the production state to the in-use state to complete activation of the POS terminal, and to generate a final inspection success flag and send it to the MTMS system 200.

The SN-TK packet saving module 260 is configured, after the final inspection success flag is received, to save the SN-TK packet of this POS terminal.

Referring to Fig. 2, Fig. 2 is a flow chart of the method for securely collecting transmission keys corresponding to the above device in an embodiment of the present invention; the method comprises the steps:

S101: After the operation terminal receives the "enter operator password" prompt sent by the MTMS system, it reads the inserted operator card and the entered operator password, and sends the operator card information to the MTMS system for verification of the operator card's legitimacy;

S102: The MTMS system judges whether the received operator card information is legitimate; if so, step S103 is performed, if not, return to step S101;

S103: The MTMS system sends a complete-machine serial number (SN) download instruction to the POS terminal and judges whether the serial number SN was downloaded successfully; if so, proceed to step S104, if not, return to step S101;

S104: The MTMS system judges whether the operator card has been removed; if so, return to step S101; if not, the MTMS system is controlled to download the work certificate to the POS terminal;

S105: The POS terminal verifies whether the downloaded work certificate is legitimate; if so, it extracts the public key from the work certificate;

S106: The POS terminal randomly generates a transmission key TK;

S107: The POS terminal encrypts the transmission key TK with the public key to generate the TK ciphertext, and transmits the TK ciphertext together with the serial number SN to the MTMS system;

S108: The MTMS system packs the TK ciphertext and the serial number SN into an SN-TK packet, and signs the SN-TK packet using the operator card;

S109: The MTMS system sends an SN-TK generation success status message corresponding to the SN-TK packet to the POS terminal;

S110: The POS terminal judges whether it has received the SN-TK generation success status message; if so, step S111 is performed, if not, return to step S109;

S111: The POS terminal switches from the production state to the in-use state to complete activation, and generates a final inspection success flag which it sends to the MTMS system;

S112: After receiving the final inspection success flag, the MTMS system saves the SN-TK packet of this POS terminal.

Refer to Fig. 3, which shows a device for securely distributing transmission keys in an embodiment of the present invention, comprising an MTMS system 200, an encryption machine 400 and a KMS system 500.

The MTMS system 200 includes a receiver module 270, a second authentication module 280, a third sending module 290, a deciphering module 2100, a second encrypting module 2110, a signature module 2120, a fourth sending module 2130 and a TK distribution module 2140.

The receiver module 270 obtains the SN-TK packet corresponding to the serial number SN of the POS terminal that needs to perform a remote key download.

The second authentication module 280 verifies the legitimacy of the SN-TK packets one by one.

The third sending module 290 obtains, according to the customer information corresponding to the SN-TK packet, the corresponding key index numbers from the customer's KMS system configuration table, and sends them to the encryption machine 400 to obtain the required key information. The required keys include the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to calculate the MAC value over the transmission key TK after it has been encrypted with PK.

The deciphering module 2100 obtains the corresponding Pr key information from the encryption machine 400 according to the Pr index number corresponding to the SN-TK, and decrypts the SN-TK packet with Pr to obtain TK.

The second encrypting module 2110 obtains the corresponding customer's PK index number according to the customer information corresponding to the SN-TK, obtains the corresponding PK key information from the encryption machine 400 according to the PK index number, packs TK, SN and the other data in the SN-TK packet, and encrypts them with PK to generate a new SN-TK packet.

The signature module 2120 obtains the corresponding customer's MAK index number according to the customer information corresponding to the SN-TK, obtains the corresponding MAK key information from the encryption machine 400 according to the MAK index number, and signs the new SN-TK packet with MAK.

The fourth sending module 2130 saves the signed new SN-TK packet to the server.

The TK distribution module 2140 sends the signed new SN-TK packet to the KMS system 500 when the transmission key TK is distributed.

The KMS system 500 performs MAK verification on the received signed new SN-TK and, after the verification passes, establishes a mapping table for the new SN-TK.

The device further includes a POS terminal; the KMS system further includes a TMK encrypting module and a TMK sending module, and the POS terminal includes a TMK download request module and a TMK deciphering module.

The TMK encrypting module encrypts the terminal master key TMK stored in the KMS system with TK to generate the TMK ciphertext, and saves it.

The TMK download request module sends a TMK download request message to the KMS system; the request message contains the SN of the POS terminal.

The TMK sending module sends, according to the SN in the request message, the TMK ciphertext that was encrypted with the TK corresponding to that SN to the POS terminal.

The TMK deciphering module decrypts the TMK ciphertext with TK to obtain TMK.

Refer to Fig. 4, which is the execution flow chart of the method for securely distributing transmission keys that corresponds to the above device in an embodiment of the present invention. The method comprises the steps:

S201, the MTMS system obtains the SN-TK packet corresponding to the serial number SN of the POS terminal that needs to perform a remote key download;

S202, the MTMS system verifies the legitimacy of the SN-TK packets one by one;

S203, the MTMS system obtains, according to the customer information corresponding to the SN-TK packet, the corresponding key index numbers from the customer's KMS system configuration table, and sends them to the encryption machine to obtain the required key information; the required keys include the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to calculate the MAC value over the transmission key TK after it has been encrypted with PK;

S204, the MTMS system obtains the corresponding Pr key information from the encryption machine according to the Pr index number corresponding to the SN-TK, and decrypts the SN-TK packet with Pr to obtain TK;

S205, the MTMS system obtains the corresponding customer's PK index number according to the customer information corresponding to the SN-TK, obtains the corresponding PK key information from the encryption machine according to the PK index number, packs TK, SN and the other data in the SN-TK packet, and encrypts them with PK to generate a new SN-TK packet;

S206, the MTMS system obtains the corresponding customer's MAK index number according to the customer information corresponding to the SN-TK, obtains the corresponding MAK key information from the encryption machine according to the MAK index number, and signs the new SN-TK packet with MAK;

S207, the MTMS system saves the signed new SN-TK packet to the server;

S208, when the transmission key TK is distributed, the MTMS system sends the signed new SN-TK packet to the KMS system;

S209, the KMS system performs MAK verification on the received signed new SN-TK and, after the verification passes, establishes a mapping table for the new SN-TK in the KMS system.

After step S209 the method further comprises the steps:

S210, the KMS system encrypts the terminal master key TMK stored in the KMS system with TK to generate the TMK ciphertext, and saves it;

S211, the POS terminal sends a TMK download request message to the KMS system; the request message contains the SN of the POS terminal;

S212, the KMS system sends, according to the SN in the request message, the TMK ciphertext that was encrypted with the TK corresponding to that SN to the POS terminal;

S212, the POS terminal decrypts the TMK ciphertext with TK to obtain TMK.
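As an added, constructed example (not code from the patent or from 福建联迪商用设备有限公司), the following Python models the collection flow of Fig. 2 (S106-S108) and the distribution flow of Fig. 4 (S202-S212) end to end, so that the checks at S202 and S209 can be exercised. The stand-ins are assumptions: textbook RSA on two fixed Mersenne primes for the work-certificate key pair and Pr (no padding, demonstration only), HMAC-SHA256 for the operator-card signature and for the MAK, and a nonce-based HMAC-SHA256 keystream for the PK symmetric cipher; all key values, the SN and the function names are constructed.

```python
"""Constructed model of the TK collection flow (S106-S108) and the TK distribution
flow (S202-S212). Stand-ins: textbook RSA on fixed Mersenne primes for the
work-certificate key pair / Pr, HMAC-SHA256 for the operator-card signature and
the MAK, and a nonce-based HMAC-SHA256 keystream for the PK symmetric cipher."""
import hashlib
import hmac
import json
import os

P = (1 << 127) - 1   # Mersenne primes: big enough to hold a 16-byte TK,
Q = (1 << 107) - 1   # far too small for real use (demo only, no padding)
E = 65537

def make_work_cert_keypair():
    """Public key carried in the work certificate, and the private key Pr."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)

def rsa_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    assert m < n, "plaintext must be smaller than the modulus"
    return pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_decrypt(priv, ct, length):
    n, d = priv
    return pow(int.from_bytes(ct, "big"), d, n).to_bytes(length, "big")

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def sym_encrypt(key, data):
    nonce = os.urandom(16)   # fresh nonce per message so keystreams never repeat
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def sym_decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# --- collection (Fig. 2): S106-S108 ------------------------------------------
def terminal_collect_tk(sn, work_cert_pub):
    tk = os.urandom(16)                          # S106: random TK, unique per terminal
    tk_cipher = rsa_encrypt(work_cert_pub, tk)   # S107: TK under the work-certificate public key
    return tk, {"sn": sn, "tk_cipher": tk_cipher.hex()}

def mtms_pack_and_sign(upload, operator_card_key):
    """S108: pack SN + TK ciphertext into the SN-TK packet, sign with the operator card."""
    body = json.dumps(upload, sort_keys=True)
    return {"body": body, "op_sig": mac(operator_card_key, body.encode()).hex()}

# --- distribution (Fig. 4): S202-S206 ----------------------------------------
def mtms_translate(packet, operator_card_key, pr, pk, mak):
    """Verify the operator-card signature, decrypt TK with Pr, re-encrypt under PK, MAC with MAK."""
    body = packet["body"].encode()
    if not hmac.compare_digest(mac(operator_card_key, body).hex(), packet["op_sig"]):
        raise ValueError("S202: operator-card signature invalid, packet rejected")
    fields = json.loads(body)
    tk = rsa_decrypt(pr, bytes.fromhex(fields["tk_cipher"]), 16)                          # S204
    new_body = sym_encrypt(pk, json.dumps({"sn": fields["sn"], "tk": tk.hex()}).encode())  # S205
    return {"cipher": new_body.hex(), "mac": mac(mak, new_body).hex()}                    # S206

# --- distribution (Fig. 4): S209-S212 ----------------------------------------
def kms_import(new_packet, pk, mak, table):
    """S209: verify the MAK MAC first, then record SN -> TK in the KMS mapping table."""
    cipher = bytes.fromhex(new_packet["cipher"])
    if not hmac.compare_digest(mac(mak, cipher).hex(), new_packet["mac"]):
        raise ValueError("S209: MAK verification failed, packet rejected")
    fields = json.loads(sym_decrypt(pk, cipher))
    table[fields["sn"]] = bytes.fromhex(fields["tk"])
    return fields["sn"]

def kms_wrap_tmk(table, sn, tmk):
    return sym_encrypt(table[sn], tmk)      # S210/S212: TMK encrypted under this SN's TK

def terminal_unwrap_tmk(tk, tmk_cipher):
    return sym_decrypt(tk, tmk_cipher)      # S212: terminal recovers TMK

def run_lifecycle(sn="SN-EXAMPLE-0001"):
    """Drive one terminal through both flows; True if KMS and terminal agree on TK and TMK."""
    pub, pr = make_work_cert_keypair()
    op_key, pk, mak = os.urandom(16), os.urandom(16), os.urandom(16)   # constructed keys
    tk, upload = terminal_collect_tk(sn, pub)
    new_packet = mtms_translate(mtms_pack_and_sign(upload, op_key), op_key, pr, pk, mak)
    table = {}
    kms_import(new_packet, pk, mak, table)
    tmk = os.urandom(16)
    recovered = terminal_unwrap_tmk(tk, kms_wrap_tmk(table, sn, tmk))
    return table[sn] == tk and recovered == tmk

if __name__ == "__main__":
    print("TK/TMK round trip ok:", run_lifecycle())
```

A packet whose operator-card signature (S202) or MAK MAC (S209) does not verify is rejected before any TK is recorded, which is the property the two flows rely on.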

The beneficial effect of the present invention is that the transmission key TK of every POS terminal is generated randomly at production, which ensures that the TK data collected from every POS terminal is unique; during the TK collection process strict authority verification is performed on the operator, which prevents as far as possible illegal operation of the POS terminal by other people and ensures its safety; in addition, before the produced TK data is distributed to the customer's KMS system, all of it undergoes legitimacy verification together with a second-stage re-encryption (translation from Pr to PK) and signature, which ensures the accuracy of the TK data collected in production.

The foregoing are only embodiments of the present invention and do not thereby limit the scope of the claims of the present invention; any equivalent structure or equivalent flow transformation made using the content of the description and accompanying drawings of the present invention, or its direct or indirect application in other relevant technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (6)

1. A method for securely collecting transmission keys, characterised in that it comprises the steps:
S101, after the operation terminal receives the operator-password input prompt sent by the MTMS system, it reads the inserted operator card and the entered operator password, and sends the operator card information to the MTMS system to verify the legitimacy of the operator card; the MTMS system is a material tracing system;
S102, the MTMS system judges whether the received operator card information is legitimate; if so, it performs step S103, and if not, it returns to step S101;
S103, the MTMS system sends a complete-machine serial number SN download instruction to the POS terminal and judges whether the serial number SN was downloaded successfully; if so, it enters step S104, and if not, it returns to step S101;
S104, the MTMS system judges whether the operator card has been removed; if so, it returns to step S101, and if not, it controls the MTMS system to download the work certificate to the POS terminal;
S105, the POS terminal verifies whether the downloaded work certificate is legitimate; if so, it extracts the public key from the work certificate;
S106, the POS terminal randomly generates the transmission key TK;
S107, the POS terminal encrypts the transmission key TK with the public key to generate the TK ciphertext, and transmits the TK ciphertext and the serial number SN to the MTMS system;
S108, the MTMS system packs the TK ciphertext and the serial number SN into an SN-TK packet, and signs the SN-TK packet with the operator card;
S109, the MTMS system sends the SN-TK generation success status message for the corresponding SN-TK packet to the POS terminal;
S110, the POS terminal judges whether it has received the SN-TK generation success status message; if so, it performs step S111, and if not, it returns to step S109;
S111, the POS terminal switches from the production state to the usage state to complete activation, and generates a final-inspection success flag that is sent to the MTMS system;
S112, after receiving the final-inspection success flag, the MTMS system saves the SN-TK packet of this POS terminal.
2. A method for securely distributing transmission keys, characterised in that it comprises the steps:
S201, the MTMS system obtains the SN-TK packet corresponding to the serial number SN of the POS terminal that needs to perform a remote key download; the MTMS system is a material tracing system;
S202, the MTMS system verifies the legitimacy of the SN-TK packets one by one;
S203, the MTMS system obtains, according to the customer information corresponding to the SN-TK packet, the corresponding key index numbers from the customer's KMS system configuration table, and sends them to the encryption machine to obtain the required key information; the required keys include the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to calculate the MAC value over the transmission key TK after it has been encrypted with PK;
S204, the MTMS system obtains the corresponding Pr key information from the encryption machine according to the Pr index number corresponding to the SN-TK, and decrypts the SN-TK packet with Pr to obtain TK;
S205, the MTMS system obtains the corresponding customer's PK index number according to the customer information corresponding to the SN-TK, obtains the corresponding PK key information from the encryption machine according to the PK index number, packs TK, SN and the other data in the SN-TK packet, and encrypts them with PK to generate a new SN-TK packet;
S206, the MTMS system obtains the corresponding customer's MAK index number according to the customer information corresponding to the SN-TK, obtains the corresponding MAK key information from the encryption machine according to the MAK index number, and signs the new SN-TK packet with MAK;
S207, the MTMS system saves the signed new SN-TK packet to the server;
S208, when the transmission key TK is distributed, the MTMS system sends the signed new SN-TK packet to the KMS system;
S209, the KMS system performs MAK verification on the received signed new SN-TK and, after the verification passes, establishes a mapping table for the new SN-TK in the KMS system.
3. The method for securely distributing transmission keys according to claim 2, characterised in that it further comprises after step S209:
S210, the KMS system encrypts the terminal master key TMK stored in the KMS system with TK to generate the TMK ciphertext, and saves it;
S211, the POS terminal sends a TMK download request message to the KMS system; the request message contains the SN of the POS terminal;
S212, the KMS system sends, according to the SN in the request message, the TMK ciphertext that was encrypted with the TK corresponding to that SN to the POS terminal; S212, the POS terminal decrypts the TMK ciphertext with TK to obtain TMK.
4. A device for securely collecting transmission keys, characterised in that it comprises an operation terminal, an MTMS system and a POS terminal; the MTMS system includes a first judge module, an SN download control module, a second judge module, a packetization module, a first sending module and an SN-TK packet preserving module; the POS terminal includes a first authentication module, a TK generation module, a first encrypting module, a third judge module and an active module; the MTMS system is a material tracing system;
the operation terminal, after receiving the operator-password input prompt sent by the MTMS system, reads the inserted operator card and the entered operator password, and sends the operator card information to the MTMS system to verify the legitimacy of the operator card;
the first judge module judges whether the operator card information received by the MTMS system is legitimate; if so, it notifies the SN download control module to perform its operation, and if not, it notifies the operation terminal to repeat its operation;
the SN download control module sends a complete-machine serial number SN download instruction to the POS terminal and judges whether the serial number SN was downloaded successfully; if so, it notifies the second judge module to perform its judgement, and if not, it notifies the operation terminal to repeat its operation;
the second judge module judges whether the operator card has been removed; if so, it notifies the operation terminal to repeat its operation, and if not, it controls the MTMS system to download the work certificate to the POS terminal;
the first authentication module verifies whether the downloaded work certificate is legitimate; if so, it extracts the public key from the work certificate;
the TK generation module randomly generates the transmission key TK;
the first encrypting module encrypts the transmission key TK with the public key to generate the TK ciphertext, and transmits the TK ciphertext and the serial number SN to the MTMS system;
the packetization module packs the received TK ciphertext and serial number SN into an SN-TK packet, and signs the SN-TK packet with the operator card;
the first sending module sends the SN-TK generation success status message for the corresponding SN-TK packet to the POS terminal;
the third judge module judges whether the POS terminal has received the SN-TK generation success status message; if so, it notifies the active module to perform its operation, and if not, it notifies the first sending module to send again;
the active module switches the POS terminal from the production state to the usage state to complete POS terminal activation, and generates a final-inspection success flag that is sent to the MTMS system;
the SN-TK packet preserving module saves the SN-TK packet of this POS terminal after the final-inspection success flag has been received.
5. A device for securely distributing transmission keys, characterised in that it comprises an MTMS system, an encryption machine and a KMS system; the MTMS system includes a receiver module, a second authentication module, a third sending module, a deciphering module, a second encrypting module, a signature module, a fourth sending module and a TK distribution module; the MTMS system is a material tracing system;
the receiver module obtains the SN-TK packet corresponding to the serial number SN of the POS terminal that needs to perform a remote key download;
the second authentication module verifies the legitimacy of the SN-TK packets one by one;
the third sending module obtains, according to the customer information corresponding to the SN-TK packet, the corresponding key index numbers from the customer's KMS system configuration table, and sends them to the encryption machine to obtain the required key information; the required keys include the private key Pr used to decrypt the SN-TK packet, the protection key PK used to symmetrically encrypt the TK obtained after decryption, and the key MAK used to calculate the MAC value over the transmission key TK after it has been encrypted with PK;
the deciphering module obtains the corresponding Pr key information from the encryption machine according to the Pr index number corresponding to the SN-TK, and decrypts the SN-TK packet with Pr to obtain TK;
the second encrypting module obtains the corresponding customer's PK index number according to the customer information corresponding to the SN-TK, obtains the corresponding PK key information from the encryption machine according to the PK index number, packs TK, SN and the other data in the SN-TK packet, and encrypts them with PK to generate a new SN-TK packet;
the signature module obtains the corresponding customer's MAK index number according to the customer information corresponding to the SN-TK, obtains the corresponding MAK key information from the encryption machine according to the MAK index number, and signs the new SN-TK packet with MAK;
the fourth sending module saves the signed new SN-TK packet to the server;
the TK distribution module sends the signed new SN-TK packet to the KMS system when the transmission key TK is distributed;
the KMS system performs MAK verification on the received signed new SN-TK and, after the verification passes, establishes a mapping table for the new SN-TK.
6. The device for securely distributing transmission keys according to claim 5, characterised in that it further comprises a POS terminal; the KMS system further includes a TMK encrypting module and a TMK sending module, and the POS terminal includes a TMK download request module and a TMK deciphering module;
the TMK encrypting module encrypts the terminal master key TMK stored in the KMS system with TK to generate the TMK ciphertext, and saves it;
the TMK download request module sends a TMK download request message to the KMS system; the request message contains the SN of the POS terminal;
the TMK sending module sends, according to the SN in the request message, the TMK ciphertext that was encrypted with the TK corresponding to that SN to the POS terminal;
the TMK deciphering module decrypts the TMK ciphertext with TK to obtain TMK.
CN201310742661.7A 2013-03-15 2013-12-27 Method and device for safely collecting and distributing transmission keys CN103716167B (en)

Publications (2)

Publication Number Publication Date
CN103716167A CN103716167A (en) 2014-04-09
CN103716167B true CN103716167B (en) 2017-01-11

Family

ID=50363015

Family Applications (28)

Application Number Title Priority Date Filing Date
CN201310740567.8A CN103729944B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740574.8A CN103729945B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310742661.7A CN103716167B (en) 2013-03-15 2013-12-27 Method and device for safely collecting and distributing transmission keys
CN201310740100.3A CN103714633B (en) 2013-03-15 2013-12-27 A kind of method of safe generating transmission key and POS terminal
CN201310740410.5A CN103729942B (en) 2013-03-15 2013-12-27 Transmission security key is transferred to the method and system of key server from terminal server
CN201310740244.9A CN103701609B (en) 2013-03-15 2013-12-27 A kind of server and the method and system operating terminal two-way authentication
CN201310742686.7A CN103745351B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310740285.8A CN103729940B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740644.XA CN103714638B (en) 2013-03-15 2013-12-27 A kind of method and system of quick position terminal master key failed download
CN201310740264.6A CN103701812B (en) 2013-03-15 2013-12-27 TMK (Terminal Master Key) secure downloading method and system
CN201310740158.8A CN103716320B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740308.5A CN103729941B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310741949.2A CN103731260B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and system
CN201310740231.1A CN103714635B (en) 2013-03-15 2013-12-27 A kind of POS terminal and terminal master key downloading mode collocation method thereof
CN201310742991.6A CN103714641B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK method for safely downloading and system
CN201310740380.8A CN103714637B (en) 2013-03-15 2013-12-27 A kind of transmission security key sending method and system, operating terminal
CN201310740537.7A CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system
CN201310742886.2A CN103716321B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742713.0A CN103701610B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310741948.8A CN103714639B (en) 2013-03-15 2013-12-27 A kind of method and system that realize the operation of POS terminal security
CN201310740360.0A CN103714636B (en) 2013-03-15 2013-12-27 A kind of method of batch capture and upload transfers cipher key T K data and operating terminal
CN201310740188.9A CN103716153B (en) 2013-03-15 2013-12-27 Terminal master key TMK safety downloading method and systems
CN201310740430.2A CN103729943B (en) 2013-03-15 2013-12-27 A kind of method and system transmission security key being imported KMS system
CN201310740226.0A CN103714634B (en) 2013-03-15 2013-12-27 A kind of method of main key of secure download terminal and system
CN201310740540.9A CN103716154B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742681.4A CN103714640B (en) 2013-03-15 2013-12-27 A kind of sending method of transmission security key and system
CN201310742648.1A CN103716155B (en) 2013-03-15 2013-12-27 A kind of method of automated maintenance POS terminal and operation terminal

Family Applications Before (3)

Application Number Title Priority Date Filing Date
CN201310740567.8A CN103729944B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key
CN201310740642.0A CN103731259B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740574.8A CN103729945B (en) 2013-03-15 2013-12-27 A kind of method and system of secure download terminal master key

Family Applications After (24)

Application Number Title Priority Date Filing Date
CN201310740100.3A CN103714633B (en) 2013-03-15 2013-12-27 A kind of method of safe generating transmission key and POS terminal
CN201310740410.5A CN103729942B (en) 2013-03-15 2013-12-27 Transmission security key is transferred to the method and system of key server from terminal server
CN201310740244.9A CN103701609B (en) 2013-03-15 2013-12-27 A kind of server and the method and system operating terminal two-way authentication
CN201310742686.7A CN103745351B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310740285.8A CN103729940B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310740644.XA CN103714638B (en) 2013-03-15 2013-12-27 A kind of method and system of quick position terminal master key failed download
CN201310740264.6A CN103701812B (en) 2013-03-15 2013-12-27 TMK (Terminal Master Key) secure downloading method and system
CN201310740158.8A CN103716320B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310740308.5A CN103729941B (en) 2013-03-15 2013-12-27 A kind of main cipher key T MK method for safely downloading of terminal and system
CN201310741949.2A CN103731260B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and system
CN201310740231.1A CN103714635B (en) 2013-03-15 2013-12-27 A kind of POS terminal and terminal master key downloading mode collocation method thereof
CN201310742991.6A CN103714641B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK method for safely downloading and system
CN201310740380.8A CN103714637B (en) 2013-03-15 2013-12-27 A kind of transmission security key sending method and system, operating terminal
CN201310740537.7A CN103746800B (en) 2013-03-15 2013-12-27 TMK (terminal master key) safe downloading method and system
CN201310742886.2A CN103716321B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742713.0A CN103701610B (en) 2013-03-15 2013-12-27 A kind of acquisition method and system for transmitting cipher key T K
CN201310741948.8A CN103714639B (en) 2013-03-15 2013-12-27 A kind of method and system that realize the operation of POS terminal security
CN201310740360.0A CN103714636B (en) 2013-03-15 2013-12-27 A kind of method of batch capture and upload transfers cipher key T K data and operating terminal
CN201310740188.9A CN103716153B (en) 2013-03-15 2013-12-27 Terminal master key TMK safety downloading method and systems
CN201310740430.2A CN103729943B (en) 2013-03-15 2013-12-27 A kind of method and system transmission security key being imported KMS system
CN201310740226.0A CN103714634B (en) 2013-03-15 2013-12-27 A kind of method of main key of secure download terminal and system
CN201310740540.9A CN103716154B (en) 2013-03-15 2013-12-27 A kind of terminal master key TMK safety downloading method and systems
CN201310742681.4A CN103714640B (en) 2013-03-15 2013-12-27 A kind of sending method of transmission security key and system
CN201310742648.1A CN103716155B (en) 2013-03-15 2013-12-27 A kind of method of automated maintenance POS terminal and operation terminal

Country Status (2)

Country Link
CN (28) CN103729944B (en)
WO (5) WO2014139412A1 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103729944B (en) * 2013-03-15 2015-09-30 福建联迪商用设备有限公司 A kind of method and system of secure download terminal master key
CN105281896B (en) * 2014-07-17 2018-11-27 深圳华智融科技股份有限公司 A kind of key POS machine Activiation method and system based on elliptic curve
CN104270346B (en) * 2014-09-12 2017-10-13 北京天行网安信息技术有限责任公司 The methods, devices and systems of two-way authentication
CN104363090A (en) * 2014-11-19 2015-02-18 成都卫士通信息产业股份有限公司 Secret key distribution device and method for enhancing safety of banking terminal equipment
CN105681263B (en) * 2014-11-20 2019-02-12 广东华大互联网股份有限公司 A kind of secrete key of smart card remote application method and application system
CN104486323B (en) * 2014-12-10 2017-10-31 福建联迪商用设备有限公司 A kind of POS terminal controlled networking activation method and device safely
CN104410641B (en) * 2014-12-10 2017-12-08 福建联迪商用设备有限公司 A kind of POS terminal controlled networking activation method and device safely
US9485250B2 (en) * 2015-01-30 2016-11-01 Ncr Corporation Authority trusted secure system component
CN106204034B (en) * 2015-04-29 2019-07-23 中国电信股份有限公司 Using the mutual authentication method and system of interior payment
CN105117665B (en) * 2015-07-16 2017-10-31 福建联迪商用设备有限公司 A kind of end product pattern and the method and system of development mode handoff-security
CN105260884A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 POS machine key distributing method and device
CN105530241B (en) * 2015-12-07 2018-12-28 咪付(广西)网络技术有限公司 The authentication method of mobile intelligent terminal and POS terminal
CN105574722A (en) * 2015-12-11 2016-05-11 福建新大陆支付技术有限公司 Authorization IC card based remote online authorization method for payment terminal
CN105930718A (en) * 2015-12-29 2016-09-07 中国银联股份有限公司 Method and apparatus for switching point-of-sale (POS) terminal modes
CN105656669B (en) * 2015-12-31 2019-01-01 福建联迪商用设备有限公司 The remote repairing method of electronic equipment, is repaired equipment and system at equipment
CN105681032B (en) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 Method for storing cipher key, key management method and device
CN105743654A (en) * 2016-02-02 2016-07-06 上海动联信息技术股份有限公司 POS machine secret key remote downloading service system and secret key downloading method
CN105790934B (en) * 2016-03-04 2019-03-15 中国银联股份有限公司 A kind of adaptive POS terminal configuration method configures power assignment method with it
CN105978856B (en) * 2016-04-18 2019-01-25 随行付支付有限公司 A kind of POS machine key downloading method, apparatus and system
CN106059771A (en) * 2016-05-06 2016-10-26 上海动联信息技术股份有限公司 Intelligent POS machine secret key management system and method
CN106097608B (en) * 2016-06-06 2018-07-27 福建联迪商用设备有限公司 Remote cipher key method for down loading and system, acquirer and target POS terminal
CN106127461A (en) * 2016-06-16 2016-11-16 中国银联股份有限公司 Bi-directional verification method of mobile payment and system
CN106027247A (en) * 2016-07-29 2016-10-12 宁夏丝路通网络支付有限公司北京分公司 Method for remotely issuing POS key
CN106100854A (en) * 2016-08-16 2016-11-09 黄朝 The reverse authentication method of terminal unit based on authority's main body and system
CN106571915A (en) * 2016-11-15 2017-04-19 中国银联股份有限公司 Terminal master key setting method and apparatus
CN106603496B (en) * 2016-11-18 2019-05-21 新智数字科技有限公司 A kind of guard method, smart card, server and the communication system of data transmission
CN106656488A (en) * 2016-12-07 2017-05-10 百富计算机技术(深圳)有限公司 Key downloading method and device of POS terminal
CN106712939A (en) * 2016-12-27 2017-05-24 百富计算机技术(深圳)有限公司 Offline key transmission method and device
US10432730B1 (en) 2017-01-25 2019-10-01 United States Of America As Represented By The Secretary Of The Air Force Apparatus and method for bus protection
CN106953731A (en) * 2017-02-17 2017-07-14 福建魔方电子科技有限公司 The authentication method and system of a kind of terminal management person
US10296477B2 (en) 2017-03-30 2019-05-21 United States of America as represented by the Secretary of the Air Force Data bus logger
CN106997533A (en) * 2017-04-01 2017-08-01 福建实达电脑设备有限公司 A kind of POS terminal product safety production authentication management system and method
CN107094138B (en) * 2017-04-11 2019-09-13 郑州信大捷安信息技术股份有限公司 A kind of smart home safe communication system and communication means
CN107070925A (en) * 2017-04-18 2017-08-18 上海赛付网络科技有限公司 A kind of terminal applies and the anti-tamper method of background service communication packet
CN107104795A (en) * 2017-04-25 2017-08-29 上海汇尔通信息技术有限公司 Method for implanting, framework and the system of RSA key pair and certificate
CN107360652A (en) * 2017-05-31 2017-11-17 江苏普世祥光电技术有限公司 A kind of control method of square landscape lamp
CN107301437A (en) * 2017-05-31 2017-10-27 江苏普世祥光电技术有限公司 A kind of control system of square landscape lamp
CN107358441A (en) * 2017-06-26 2017-11-17 北京明华联盟科技有限公司 Method, system and the mobile device and safety certificate equipment of payment verification
CN107666420A (en) * 2017-08-30 2018-02-06 宁波梦居智能科技有限公司 A kind of intelligent domestic gateway production control and identity mirror method for distinguishing
CN107392591A (en) * 2017-08-31 2017-11-24 恒宝股份有限公司 Online recharge method, system and the bluetooth read-write equipment of trading card
WO2019080095A1 (en) * 2017-10-27 2019-05-02 福建联迪商用设备有限公司 Financial payment terminal activation method and system
WO2019178763A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Certificate importing method and terminal
WO2019178762A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Method, server, and system for verifying validity of terminal
CN108513704A (en) * 2018-04-17 2018-09-07 福建联迪商用设备有限公司 The remote distribution method and its system of terminal master key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1901445A (en) * 2005-07-22 2007-01-24 华为技术有限公司 Distributing method for transmission key
CN101527714A (en) * 2008-12-31 2009-09-09 北京飞天诚信科技有限公司 Method, device and system for accreditation
CA2766491A1 (en) * 2009-06-25 2010-12-29 China Unionpay Co., Ltd. A method and system for securely and automatically downloading a master key in a bank card payment system
CN102647274A (en) * 2012-04-12 2012-08-22 福建联迪商用设备有限公司 POS (Point of Sale) terminal, terminal accessing device, main key managing system and method thereof

Family Cites Families (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH033276B2 (en) * 1981-03-24 1991-01-18 Sharp Kk
JP2993833B2 (en) * 1993-11-29 1999-12-27 富士通株式会社 Pos system
JPH10112883A (en) * 1996-10-07 1998-04-28 Hitachi Ltd Radio communication exchange system, exchange, public key management device, mobile terminal and mobile terminal recognizing method
US6630603B1 (en) * 1999-03-22 2003-10-07 Purac Biochem B.V. Method of industrial-scale purification of lactic acid
CN1127033C (en) * 2000-07-20 2003-11-05 天津南开戈德集团有限公司 Radio mobile network sale point terminal system
US7110986B1 (en) * 2001-04-23 2006-09-19 Diebold, Incorporated Automated banking machine system and method
KR100641824B1 (en) * 2001-04-25 2006-11-06 주식회사 하렉스인포텍 A payment information input method and mobile commerce system using symmetric cipher system
JP2002366285A (en) * 2001-06-05 2002-12-20 Matsushita Electric Ind Co Ltd Pos terminal
GB2384402B (en) * 2002-01-17 2004-12-22 Toshiba Res Europ Ltd Data transmission links
JP2003217028A (en) * 2002-01-24 2003-07-31 Tonfuu:Kk Operation situation monitoring system for pos terminal device
US7395427B2 (en) * 2003-01-10 2008-07-01 Walker Jesse R Authenticated key exchange based on pairwise master key
JP2005117511A (en) * 2003-10-10 2005-04-28 Nec Corp Quantum cipher communication system and quantum cipher key distributing method used therefor
KR101282972B1 (en) * 2004-03-22 2013-07-08 삼성전자주식회사 Authentication between a device and a portable storage
US20060093149A1 (en) * 2004-10-30 2006-05-04 Shera International Ltd. Certified deployment of applications on terminals
DE102005022019A1 (en) * 2005-05-12 2007-02-01 Giesecke & Devrient Gmbh Secure processing of data
KR100652125B1 (en) * 2005-06-03 2006-11-23 삼성전자주식회사 Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof
EP2013831A4 (en) * 2006-02-22 2010-12-22 Hypercom Corp Secure electronic transaction system
JP2007241351A (en) * 2006-03-06 2007-09-20 Cela System:Kk Customer/commodity integrated management system by customer/commodity/purchase management system (including pos) and mobile terminal
EP1833009B1 (en) * 2006-03-09 2019-05-08 First Data Corporation Secure transaction computer network
US7818264B2 (en) * 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
CN101064695A (en) * 2007-05-16 2007-10-31 杭州看吧科技有限公司 P2P(Peer to Peer) safe connection method
CN101145913B (en) * 2007-10-25 2010-06-16 东软集团股份有限公司 A method and system for network security communication
WO2009070041A2 (en) * 2007-11-30 2009-06-04 Electronic Transaction Services Limited Payment system and method of operation
CN101541002A (en) * 2008-03-21 2009-09-23 展讯通信(上海)有限公司 Web server-based method for downloading software license of mobile terminal
CN101615322B (en) * 2008-06-25 2012-09-05 上海富友金融网络技术有限公司 Mobile terminal payment method and mobile terminal payment system for realizing magnetic payment function
JP4666240B2 (en) * 2008-07-14 2011-04-06 ソニー株式会社 Information processing apparatus, information processing method, program, and information processing system
CN101686225A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Methods of data encryption and key generation for on-line payment
KR20100052668A (en) * 2008-11-11 2010-05-20 노틸러스효성 주식회사 Method for on-line sharing of tmk(terminal master key) between atm and host
JP5329184B2 (en) * 2008-11-12 2013-10-30 株式会社日立製作所 Public key certificate verification method and verification server
CN101425208B (en) * 2008-12-05 2010-11-10 浪潮齐鲁软件产业有限公司 Method for safely downloading cipher key of finance tax-controlling cashing machine
CN101719895A (en) * 2009-06-26 2010-06-02 中兴通讯股份有限公司 Data processing method and system for realizing secure communication of network
CN101593389B (en) * 2009-07-01 2012-04-18 中国建设银行股份有限公司 Key management method and key management system for POS terminal
CN101631305B (en) * 2009-07-28 2011-12-07 交通银行股份有限公司 An encryption method and system
CN101656007B (en) * 2009-08-14 2011-02-16 通联支付网络服务股份有限公司 Safe system realizing one machine with multiple ciphers on POS machine and method thereof
CN102064939B (en) * 2009-11-13 2013-06-12 福建联迪商用设备有限公司 Method for authenticating point of sail (POS) file and method for maintaining authentication certificate
CN101710436B (en) * 2009-12-01 2011-12-14 中国建设银行股份有限公司 Pos method of controlling a terminal, a system and a terminal management apparatus pos
CN101807994B (en) * 2009-12-18 2012-07-25 北京握奇数据系统有限公司 Method and system for application data transmission of IC card
CN102148799B (en) * 2010-02-05 2014-10-22 中国银联股份有限公司 Key downloading method and system
CN101807997B (en) * 2010-04-28 2012-08-22 中国工商银行股份有限公司 Device and method for generating transmission key
CN201656997U (en) * 2010-04-28 2010-11-24 中国工商银行股份有限公司 Device for generating transmission key
CN102262760A (en) * 2010-05-28 2011-11-30 杨筑平 Trade secret method, reception device and submission software
US8856509B2 (en) * 2010-08-10 2014-10-07 Motorola Mobility Llc System and method for cognizant transport layer security (CTLS)
CN101938520B (en) * 2010-09-07 2015-01-28 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN101976403A (en) * 2010-10-29 2011-02-16 北京拉卡拉网络技术有限公司 Phone number payment platform, payment trading system and method thereof
CN102013982B (en) * 2010-12-01 2012-07-25 银联商务有限公司 Long-distance encryption method, management method, as well as encryption management method, device and system
CN102903189A (en) * 2011-07-25 2013-01-30 上海昂贝电子科技有限公司 Terminal transaction method and device
CN102394749B (en) * 2011-09-26 2014-03-05 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission
CN102521935B (en) * 2011-12-15 2013-12-11 福建联迪商用设备有限公司 Method and apparatus for state detection of POS machine
CN102592369A (en) * 2012-01-14 2012-07-18 福建联迪商用设备有限公司 Method for self-service terminal access to financial transaction center
CN102624710B (en) * 2012-02-27 2015-03-11 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102624711B (en) * 2012-02-27 2015-06-03 福建联迪商用设备有限公司 Sensitive information transmission method and sensitive information transmission system
CN102707972B (en) * 2012-05-02 2016-03-09 银联商务有限公司 A kind of POS terminal method for updating program and system
CN102768744B (en) * 2012-05-11 2016-03-16 福建联迪商用设备有限公司 A kind of remote safe payment method and system
CN102868521B (en) * 2012-09-12 2015-03-04 成都卫士通信息产业股份有限公司 Method for enhancing secret key transmission of symmetrical secret key system
CN103116505B (en) * 2012-11-16 2016-05-25 福建联迪商用设备有限公司 A kind of method that Auto-matching is downloaded
CN103117855B (en) * 2012-12-19 2016-07-06 福建联迪商用设备有限公司 A kind of method of the method generating digital certificate and backup and recovery private key
CN103220271A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103220270A (en) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key
CN103237005A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Method and system for key management
CN103237004A (en) * 2013-03-15 2013-08-07 福建联迪商用设备有限公司 Key download method, key management method, method, device and system for download management
CN103729944B (en) * 2013-03-15 2015-09-30 福建联迪商用设备有限公司 A kind of method and system of secure download terminal master key
CN103269266B (en) * 2013-04-27 2016-07-06 北京宏基恒信科技有限责任公司 The safety certifying method of dynamic password and system

Also Published As

Publication number Publication date
CN103714639A (en) 2014-04-09
CN103745351B (en) 2017-09-29
CN103716155A (en) 2014-04-09
CN103745351A (en) 2014-04-23
WO2014139403A1 (en) 2014-09-18
CN103746800A (en) 2014-04-23
CN103716320A (en) 2014-04-09
CN103716321A (en) 2014-04-09
CN103729943B (en) 2015-12-30
CN103716321B (en) 2017-08-29
CN103714634A (en) 2014-04-09
CN103714640B (en) 2016-02-03
CN103714638B (en) 2015-09-30
CN103729940A (en) 2014-04-16
CN103729941B (en) 2016-06-15
WO2014139411A1 (en) 2014-09-18
CN103729945A (en) 2014-04-16
CN103716153A (en) 2014-04-09
CN103731259B (en) 2017-08-01
CN103731260B (en) 2016-09-28
CN103716154B (en) 2017-08-01
CN103714640A (en) 2014-04-09
CN103714637B (en) 2016-03-16
CN103716155B (en) 2016-08-17
CN103714641A (en) 2014-04-09
CN103714635A (en) 2014-04-09
CN103714633B (en) 2016-05-04
CN103714639B (en) 2016-05-04
CN103714633A (en) 2014-04-09
CN103729941A (en) 2014-04-16
CN103731259A (en) 2014-04-16
WO2014139412A1 (en) 2014-09-18
CN103714634B (en) 2016-06-15
CN103731260A (en) 2014-04-16
CN103746800B (en) 2017-05-03
CN103729942A (en) 2014-04-16
CN103714637A (en) 2014-04-09
CN103701609B (en) 2016-09-28
WO2014139406A1 (en) 2014-09-18
CN103716153B (en) 2017-08-01
CN103729944A (en) 2014-04-16
CN103716154A (en) 2014-04-09
CN103716320B (en) 2017-08-01
CN103714636A (en) 2014-04-09
CN103701812B (en) 2017-01-25
CN103729945B (en) 2015-11-18
CN103716167A (en) 2014-04-09
CN103729944B (en) 2015-09-30
CN103714636B (en) 2015-12-02
CN103701610B (en) 2018-04-17
CN103729942B (en) 2016-01-13
CN103714638A (en) 2014-04-09
CN103729943A (en) 2014-04-16
CN103714635B (en) 2015-11-11
CN103729940B (en) 2016-06-15
CN103701609A (en) 2014-04-02
CN103714641B (en) 2016-03-30
CN103701812A (en) 2014-04-02
WO2014139408A1 (en) 2014-09-18
CN103701610A (en) 2014-04-02

Similar Documents

Publication Publication Date Title
CN105243313B (en) For the method whenever confirmed to verifying token
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
CA2256881C (en) An automatic safe public communication system
JP4866863B2 (en) Security code generation method and user device
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
US9223994B2 (en) Secure transaction method from a non-secure terminal
US20190005470A1 (en) Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
JP4503794B2 (en) Content providing method and apparatus
KR101661933B1 (en) Certificate authentication system and method based on block chain
US20100051686A1 (en) System and method for authenticating a transaction using a one-time pass code (OTPK)
CN103716154B (en) A kind of terminal master key TMK safety downloading method and systems
TWI497336B (en) Data security devices and computer program
KR101637863B1 (en) Security system and method for transmitting a password
CN106797311A (en) For the method for security password generation
CN105745678A (en) Secure remote payment transaction processing including consumer authentication
CN101300808B (en) Method and arrangement for secure authentication
JP2002259605A (en) Device and method for information processing and storage medium
CN107210914A (en) The method supplied for security credence
CN103026686A (en) Method and apparatus for providing a one-time password
US20180227293A1 (en) Certificate issuing system based on block chain
CN101098225A (en) Safety data transmission method and paying method, paying terminal and paying server
US20060280297A1 (en) Cipher communication system using device authentication keys
CN103229452A (en) Mobile handset identification and communication authentication
CN1849774A (en) Message security
CN102932149B (en) Integrated identity based encryption (IBE) data encryption system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant